Yenya's World

Fri, 25 Aug 2006

A New Router

Some time ago we bought hardware for a new router, but until
a few days ago I did not have time to configure it. Yesterday we
finally moved the traffic to the new server, and should everything be OK,
I will reconfigure the old one as a hot-spare backup. With a hot-spare
backup I will have a testing platform for things like native IPv6 or
multicast.

Apparently while the traffic is almost the same (well, Fridays are always
weaker in terms of network traffic), it seems that the CPU usage
is significantly lower (the switchover happened before 23:00 yesterday).
I estimate we can now route about 250-300kpps, while the
old configuration peaked somewhere near 150kpps (this is with ~1700
IP tables rules, including connection
tracking, and about 150 classes of HTB traffic shaping, though those do not
carry high amounts of load). The new HW has faster CPUs (2.8GHz vs. 1.8GHz)
and bus (800 MHz vs. 1 GHz), and the difference is visible. We can
now probably match the liberouter
performance with purely commodity hardware.

The next level would probably be buying a 10GbE interface. The new server
has a spare PCIe x16 slot on an independent bus, connected by a separate
HyperTransport channel to the CPU, so I think a 10GbE NIC would not clash with the
rest of the system too much.

While preparing for the redundant configuration I have discovered that the new
HW (which also has two 1000baseT NICs, one 1000baseSX, and one 100baseT)
detects the NICs in a different order than the previous one. So for the
first time I have played with interface renaming. Fedora apparently
can locate interfaces by MAC address, and then rename them according to
its config. Now I have interfaces like uplink, trunk2,
etc.

And now a question for my lazyweb: How would you handle stateful data for
two redundant routers? I mean dhcpd.leases, Arpwatch data,
and a few other files. So far I have found csync2 - a purely user-space but not near-realtime solution,
and DRBD, replication on a block device
level (which contains a kernel module, but who knows how stable it is,
especially on bleeding-edge 64-bit SMP hardware).